How to use Nmap on Windows and Linux?


Last updated: July 3, 2022

Nmap is an open source port scanner that also reports information about the operating system of a remote computer. It is widely used by network administrators because it gives a very precise picture of what is reachable on a network.

Nmap is available on Linux, Windows and Mac OS.

In this article we will see the basic operation of Nmap. We will then use it to find the weak points of your network or your machines, so that you can fix them before someone else finds them.

What is the role of Nmap?

The purpose of the Nmap scanner is very simple: it finds, in a very short time, all the open ports on a remote machine. It can also tell you the type and version of the OS running on that machine.

For example, Nmap can reveal that a system hosts Windows Server in a certain version. If this version of Windows has listed vulnerabilities, you can then launch attacks to take control of this machine.

Nmap installation

On Windows

First, download the Nmap .exe installer.
Once the file is downloaded, double-click on it. The installation wizard opens. Then click successively on Next, I Agree, Next, Next.


Then click Install, and then Finish.
At the end of the installation, open the command prompt and move to the Nmap folder "C:\Program Files (x86)\Nmap" with the following commands:

c:
cd "\Program Files (x86)\Nmap"

Note that Nmap for Windows now includes the GUI (Zenmap). If you prefer to use it with the interface, there should be a new icon on your desktop.

However here, we will teach you how to use Nmap from the command line. It's faster and more convenient.

On Linux

If you are on a Debian-based distribution, the nmap package is available in the standard repositories and you just have to type the following command:

sudo apt-get install nmap

If you use Kali Linux, you do not have to install anything: Nmap is already present on the system.
Finally, if you use a distribution based on RPM packages (Red Hat, Mandrake, SUSE, etc.), these simple commands usually do the trick:

rpm -vhU https://nmap.org/dist/nmap-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/zenmap-7.80-1.noarch.rpm
rpm -vhU https://nmap.org/dist/ncat-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/nping-0.7.80-1.x86_64.rpm

Note that on Linux, you can also use Nmap with a graphical interface thanks to Zenmap.

How to use Nmap?

Identify the operating system of a remote machine

nmap -O 127.0.0.1

If Nmap cannot identify your OS version exactly, it can display a list of systems that could potentially match:

nmap -O --osscan-guess 127.0.0.1

Discover machines on a network

To identify all the machines on your network, run a host discovery scan. The -sn option (formerly -sP) only checks which hosts are up and skips the port scan; the prefix length must match your network, here a /24 covering 192.168.0.0-255:

nmap -sn 192.168.0.0/24

See the open ports on a machine

A port scan lets you see how your machine is seen from the outside, that is, which services are reachable. By the same token, a port scan lets a hacker see the services running remotely in order to look for a flaw in one of them and go further in the attack.

nmap 127.0.0.1

To scan a specific port, here port 80 (HTTP):

nmap -p 80 127.0.0.1

Spoof the MAC address

MAC address spoofing means changing a MAC address so that the scan appears to come from another network card. This technique is called "MAC spoofing". Nmap accepts either a full address or a vendor name, for which it picks a matching prefix:

nmap --spoof-mac 01:02:03:04:05:06 127.0.0.1
nmap --spoof-mac Cisco 127.0.0.1

See open TCP ports

A SYN scan (-sS) checks the 1000 most common TCP ports by default; add -p- to cover all 65535 ports.

nmap -sS 127.0.0.1

See open UDP ports

UDP scanning uses -sU. It is much slower than a TCP scan, and ports that never answer are reported as open|filtered because Nmap cannot tell an open UDP service from a silently dropped probe.

nmap -sU 127.0.0.1
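Nmap can write its results to an XML file with -oX, which is the convenient form for checking a scan against what you expect to be exposed. The following script is an added example, not code from the original article or from the Nmap project: it parses a constructed report shaped like `nmap -sS -sU -sV -oX report.xml` output and lists every listener that is not in a per-host allowlist (the sample hosts, ports and allowlist are assumptions).

```python
import xml.etree.ElementTree as ET
# Constructed sample shaped like `nmap -sS -sU -sV -oX report.xml` output
# (only the elements the parser reads; a real report carries many more).
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.168.0.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="8.4"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
   <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
   <port protocol="tcp" portid="443"><state state="closed"/></port>
  </ports></host>
 <host><status state="down"/><address addr="192.168.0.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Services each host is expected to expose, as (protocol, port) pairs (assumed).
ALLOWLIST = {"192.168.0.10": {("tcp", 22), ("tcp", 80)}}

def open_ports(xml_text):
    """Return {ip: [(proto, port, service), ...]} for hosts reported up.
    UDP 'open|filtered' is kept: it may be an open service, so it must be reviewed."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        listeners = []
        for port in host.iter("port"):
            if port.find("state").get("state") not in ("open", "open|filtered"):
                continue
            svc = port.find("service")
            name = svc.get("name", "?") if svc is not None else "?"
            listeners.append((port.get("protocol"), int(port.get("portid")), name))
        result[addr.get("addr")] = listeners
    return result

def unexpected_listeners(ports, allowlist):
    """Listeners missing from the allowlist: the ones to review first."""
    return sorted((ip, proto, port, name)
                  for ip, listeners in ports.items()
                  for proto, port, name in listeners
                  if (proto, port) not in allowlist.get(ip, set()))

if __name__ == "__main__":
    for ip, proto, port, name in unexpected_listeners(open_ports(SAMPLE_XML), ALLOWLIST):
        print("unexpected listener: %s %s/%d (%s)" % (ip, proto, port, name))
```

Run against a real report by replacing SAMPLE_XML with the contents of the -oX file; anything printed is a service you did not plan to expose, or an allowlist that needs updating.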

FTP bounce scan

FTP bounce scanning is enabled with the -b option. It asks an FTP server to scan the ports for you, so the target sees the FTP server as the source. This technique is old and most FTP servers no longer allow it, but it is still possible to find misconfigured servers that do.

In my case, I go through my local FTP server at 127.0.0.1 to scan a range of IP addresses:

nmap -b 127.0.0.1 192.168.0.0-255

The real usefulness of Nmap for pentesters lies in combining it with the Metasploit Framework to scan one or more machines and automatically launch exploits.

Finally, I strongly encourage you to test Nmap on your network in order to verify that your machines do not present any exploitable flaw.

And if you have other examples of Nmap uses, you can post them in a comment.